Supporting multiple access control policies in database systems
Bertino, E.; Jajodia, S.; Samarati, P.
Security and Privacy, 1996. Proceedings., 1996 IEEE Symposium on
Volume , Issue , 6-8 May 1996 Page(s):94 - 107
Digital Object Identifier 10.1109/SECPRI.1996.502673
Summary:Although there are several choices of policies for protection of
information, access control models have been developed for a fixed set
pre-defined access control policies that are then built into the
corresponding access control mechanisms. This becomes a problem,
however, if the access control requirements of an application are
different from the policies built into a mechanism. In most cases, the
only solution is to enforce the requirements as part of the application
code, but this makes verification, modification, and adequate
enforcement of these policies impossible. In this paper, we propose a
flexible authorization mechanism that can support different security
policies. The mechanism enforces a general authorization model onto
which multiple access control policies can be mapped. The model permits
negative and positive authorizations, authorizations that must be
strongly obeyed and authorizations that allow for exceptions, and
enforces ownership together with delegation of administrative privileges
View citation and abstract |
Cart
